Home > Uncategorized > Security News #0x46

Security News #0x46

Exploits
  • Last week we mentioned a privilege escalation attack on FreeBSD 9.0/9.1 systems (CVE 2013-2171). Metasploit now has a module to exploit this vulnerability.
  • Jack Whitten, a researcher in the UK, provided details of an attack on Facebook that would allow for remote account takeover. (And yes, Facebook has fixed the issue.)
Security Tools
  • The folks at Kahu Security have a nice piece on Revelo, a Javascript de-obfuscator.
  • I read a nice piece by khr0x40sh on how to retrieve the SSL key used in Metepreter.
Learning More
Industry News
  • The source code for the Carberp trojan has been leaked to the public. Though the folks at CSIS do not have a download link, the Reddit page does. I can’t vouch for those links though; as commercial cybercrime tools are not my thing, you won’t see me going there either. Brian Krebs has a nice summary of the broader issues.
  • Opera reports that they were attacked, and that the attackers made off with at least one old and expired code signing certificate.
  • As a professor, my heart was warmed when I read this.
  • Threatpost also reports that Sprite Software’s tool AndroidBackup which is installed on some LG Android phones may allow an attacker to gain root access to the phone. And if you think this is an isolated case, here is Justin Case discussing an attack vector for LG phones.
Advertisements
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: